Security for the Internet of Radios - real threats, right Now, ready or Not bastille.net - Bastille Networks
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
white paper
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
bastille.net
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
Table of Contents
It’s Time to Take the Blinders Off.....................................................................3
IoT Vulnerabilities in the Enterprise – Where Are They?...............................3
Why Conventional Wireless Security Can’t Touch the IoT Threat.................4
Why IoT Exposes a Fragmented Security Posture in the Enterprise............5
MouseJack Case Study......................................................................................6
Bastille Networks Solves the IoT Security Dilemma.......................................7
C-Suite Protection Radio (RF) Vulnerability Protection..................................8
Facility/Campus Headquarters Radio (RF) Vulnerability Protection.............9
Call Center Radio (RF) Vulnerability Protection........................................... 10
Data Center Radio (RF) Vulnerability Protection......................................... 11
TSCM: Technical Surveillance Counter Measures....................................... 13
Space Utilization............................................................................................. 14
Securing Enterprise Assets from IoT Risks................................................... 15
About Bastille.................................................................................................. 16
bastille.net / info@bastille.net / 800.530.3341 2
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
Threats are becoming more complex as criminals look for new ways to use technology in their
quest for valuable data. As the number of connected devices grows to more than 50 billion by
2020, the IoT will provide an unprecedented expansion of new threat vectors and Enterprise
companies need to be able to respond. Bastille is providing the security solutions to allow
Enterprise companies to rapidly respond to this new threat vector.
It’s Time to Take the Blinders Off Second, IoT has blurred the line between personal,
operational and enterprise security. An automobile’s
The Internet of Things is no longer a nebular IT security
systems overtaken mid-drive? It’s happened. Keystrokes
concern – it’s a fully formed enterprise threat. By 2020,
intercepted? In less than 10 seconds. These are the kind of
experts estimate that more than 25 percent of identified
examples that come to mind when most people think of IoT
enterprise attacks will involve IoT. Disproportionately, IoT
security exploits. But, what about a perpetrator intercepting
will account for less than 10 percent of IT security budgets.1
keystrokes or a building control system hack taking down
To stay ahead of this threat, smart enterprises are tackling a data center? These are real, enterprise-grade threats and
this vulnerability head on. This starts with acknowledgment point to a larger issue. The distinction between consumer
of three key dynamics shaping the IoT security landscape: and enterprise security is an outdated construct. Companies
that don’t embrace this view will find themselves attractive
First, IoT security isn’t an emerging threat – it’s here. targets for cyberattack.
There is nothing “emerging” about IoT-related security
threats. In 2016, 6.4 billion connected devices (or “things”) Third, WiFi security is not enough. Many companies rely
will be in use worldwide with 5.5 million new ones connecting on secure WiFi to protect against wireless threats. But, only
every day.2 This means more attack vectors and more a subset of wireless devices communicate across the RF
opportunity for exploitation. spectrum using WiFi protocols. Billions more connect using
non-WiFi protocols, which leaves these organizations wide
open to nefarious activity.
The sum of these dynamics equates to a threat landscape
that is broader and more dangerous than many enterprises
realize. Companies need to understand their weaknesses
in this evolving context and calibrate their security
posture accordingly.
IoT Vulnerabilities in the
Enterprise – Where Are They?
IoT security vulnerabilities are everywhere across the
enterprise. They range from obvious personal devices
like employee smartphones to “hidden” culprits like
automated security cameras. These threats typically
fall into three categories:
Threats across the
enterprise environment.
bastille.net / info@bastille.net / 800.530.3341 3
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
Employee-related threats: The usual suspects are Vendor/Contractor-related threats: Mobility has
employee’s laptops, tablets and smartphones. While these transformed the service industry. Workers in construction
are often governed by BYOD and IT policies, the security and repair, vending, delivery and other services frequently
gains of these policies are marginal at best. Fifty-one use mobile handheld devices and RFID tracking technologies
percent of millennials in the workforce admit to knowingly to perform tasks. Others have network access credentials.
disregarding these policies. Other threats include wearable When Target was hacked in 2014, resulting in a massive
mobile devices (FitBit, Apple Watch, Garmin, etc) as well as credit card data breach affecting 70 million customers, the
less conspicuous devices like wireless-enabled pacemakers initial intrusion was traced back to an HVAC technician.
and insulin pumps.
Industrial Control-related threats: These include basic
automated building control systems like security and heating/
cooling. They also include sophisticated supervisory control
and data acquisition (SCADA) and distributed control systems
Most Vulnerable Enterprise Targets found in industrial sectors (electrical, water, oil and gas)
• Data centers – a simple 4G hotspot left behind can and critical infrastructure.
be a gateway to an information goldmine
• Executive offices/boardrooms – an antenna in a
Why Conventional Wireless
delivery package can put hackers in close proximity Security Can’t Touch the IoT Threat
to targets Conventional wireless security solutions focus on perimeter
network defense. UTM, IPS, IDS and authentications solutions
• Automated building systems – hackers can easily
are great at preventing, detecting and monitoring threats
access HVAC, security and building access system data
coming over the network. But, they’re inept at protecting
• Personal computer peripheral devices – wireless against IoT-related attacks.
keyboards and mice can give uncontrolled access
to enterprise data
Bastille’s sensors are installed on-premise and
link to our SaaS cloud analytics platform.
bastille.net / info@bastille.net / 800.530.3341 4
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
Unlike traditional IT security exploits, IoT threats gain Why IoT Exposes a Fragmented
enterprise access through the broader Radio Frequency (RF)
Security Posture in the Enterprise
spectrum. It’s not just a laptop or smartphone accessing
corporate WiFi that presents a threat; it’s any device The IoT does more than expose cybersecurity gaps;
enabled by Bluetooth, NFC, RFID, Z-Wave, ZigBee or it underscores a fragmented and outdated approach to
2G/3G/4G protocols. enterprise-wide security.
It’s no longer enough to protect the perimeter. Enterprises In the past, security has been a departmentalized endeavor.
need to protect themselves against threats spanning the Operational technology security has been within the purview
entire RF spectrum emerging on both legacy and tomorrow’s of facilities management – think identity access management
IoT protocols. (e.g. building access) and other physical security measures.
Infosec, on the other hand, has fallen under the jurisdiction
of the IT department. To make matters worse, departments
like sales and marketing often run their own cloud-based,
micro IT ecosystems without any internal IT security oversight.
common device protocols
IoT is forcing companies to take a holistic view of security
• WiFi - wireless local area network using 2.4 across all aspects of their operations, but there are several
gigahertz and 5 gigahertz radio bands roadblocks. There are vast differences in how operational
• Cellular - 2G, 3G, 4G, LTE and IT security stakeholders identify, manage and fix
vulnerabilities. The processes and tools for an admin tasked
• Bluetooth/BLE - consumer mobile products and with assigning/revoking building access cards look very
wearables different compared to ones specified for managing network
• ZigBee - Mesh network home automation access or data security.
• Z-Wave - Mesh networking for industrial sensing The problem is that IoT is blurring the lines between these
areas of the business, and some companies are already
• DECT - Wireless headset
paying the price. As mentioned earlier, it was a vulnerability
• Enocean - Low-power RF exposed through a HVAC technician’s mobile device that
took down a retail giant. In another instance, a 4G hotspot
• nRF24 - Mouse/keyboard detection
planted inside of a data center exposed one company to
massive data exfiltration. These are just two examples where
the disconnect between physical and IT security have
threatened the reputation and financial health of a business.
It’s important to note that many devices connect to the RF
spectrum are using proprietary protocols, which means
enterprises can’t get “under the hood” to inspect and fix
vulnerabilities that arise in their unique IT ecosystem.
Many of these device protocols were meant for a single
use including IoT-enabled light bulbs, wireless keyboards
and mice, and industrial controls like pressure sensors and
water gauges. In most instances, these devices and their
protocols don’t support security patches – even when the
manufacturer discovers a vulnerability.
bastille.net / info@bastille.net / 800.530.3341 5
Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
MouseJack Case Study
MouseJack is a collection of security vulnerabilities 1. Keystroke injection, spoofing a mouse
affecting non-Bluetooth wireless mice and keyboards. When processing received RF packets, some dongles
Bastille’s research team tested seven vendor’s products do not verify that the type of packet received matches
and discovered that it was possible for an attack to take the type of device that transmitted it. Under normal
complete control over a victim’s computer using a circumstance, a mouse will only transmit movement/
$15 dongle. clicks to the dongle, and a keyboard will only transmit
keypresses. If the dongle does not verify that the packet
Wireless mice and keyboards commonly communicate type and transmitting device type match, it is possible
using proprietary protocols operating in the 2.4GHz ISM for an attacker to pretend to be a mouse, but transmit
band. These devices work by transmitting radio frequency a keypress packet. The dongle does not expect packets
packets to a USB dongle plugged into a user’s computer. coming from a mouse to be encrypted, so it accepts the
When a user presses a key on their keyboard or moves keypress packet, allowing the attacker to type arbitrary
their mouse, information describing the actions are then commands on the victim’s computer.
sent wirelessly to the USB dongle. The dongle listens for
these radio frequency packets and transmits the actions 2. Keystroke injection, spoofing a keyboard
to the user’s computer. Most of the tested keyboards encrypt data before
transmitting it wirelessly to the dongle, but not all of the
In order to prevent eavesdropping, most vendors dongles tested required that encryption to receive the
encrypt the data being transmitted by wireless keyboards, data. This makes it possible for an attacker to pretend
however it appears that the same security was not built to be a keyboard, and transmit unencrypted keyboard
into the mouse communications. The communication packets to the dongle.
between the dongle and mice tested by the research
team showed that there was no authentication in place, 3. Forced pairing
leaving the dongle unable to determine the difference It is possible to bypass pairing mode on some dongles
between commands originating from the user’s mouse and pair a new device without any user interaction. In
and those coming from an attacker. This results in the the case where a victim only has a mouse, but is using
ability for an attacker to pretend to be a mouse and a dongle vulnerable to keystroke injection by spoofing
transmit their own packets to the dongle. a keyboard, an attacker can pair a fake keyboard with
the dongle, and use it to type arbitrary commands on
Specifics of the discovered vulnerabilities vary from
the victim’s computer.
vendor to vendor, but they generally fall into one of
three categories:
Attacker generates Attacker’s USB dongle Victim’s USB dongle receives
an unencrypted transmits an unencrypted and types the unencrypted
keystroke sequence keystroke sequence malicious keystrokes
bastille.net / info@bastille.net / 800.530.3341 6Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
Bastille Networks Solves the IoT Security Dilemma
Bastille’s IoT security solution gives companies full Call Center Radio (RF) Vulnerability Protection: Call Centers
situational awareness and control of all wireless devices deal with very sensitive customer data such as personally
within their facility. Its technology tracks the location and identifiable information, including social security numbers,
activity of all internet-connected and wireless devices bank financial records such as credit card details, and the
on premise. As a result, security executives can prevent like. The top priority is keeping that data protected. The
the theft of valuable information and protect employees attack vector that Call Centers are most vulnerable to are
throughout their environment. their employees and the devices that they bring along.
Data Center Radio (RF) Vulnerability Protection:
How It Works
The Data Center contains the crown jewels for an organization.
Bastille deploys a mesh network of proprietary radio
In addition to the IT equipment we all think about, Data
frequency (RF) sensors throughout the customer facility.
Centers are loaded with industrial equipment (chillers, lighting,
These sensors are able to track the location and emissions
power, etc.) and often frequented by contractors. Many
of all wireless devices within their environment. Bastille’s
vectors expose a Data Center to risk, and as a result, Data
system sends updates and alerts to end-users to help
Center security has long been the recipient of significant
immediately stop ongoing intrusions and threats.
budget and attention from both physical and cyber security
Bastille provides the situational awareness required to: organizations. Data Centers have the highest physical
security for any organization, often employing mantraps,
• Identify wireless devices or protocols that may pose biometrics, and expanded video coverage. On the cyber
a risk to the environment
side, large budgets are deployed for endpoint security
• Prevent intruders from hacking into the facility network and intrusion prevention for the wired infrastructure.
• Prevent unwanted personnel from entering secure areas
TSCM: Technical Surveillance Counter Measures: There are
• Prevent the unwanted transmission (exfiltration) many ways for bad actors to exfiltrate information from an
of information from the facility organization. For example, covert transmitters can create
• Report on or control access and egress within the facility voice or data channels that are difficult to detect. These
devices commonly use wireless protocols at unmonitored
C-Suite Radio (RF) Vulnerability Protection: The C-Suite frequencies. For data exfiltration, cellular protocols are the
has the most access to valuable information about strategy, most prevalent example of an “out-of-band” network that
financial results, customers, partners, employees and can move large amounts of data. Organizations are finding
intellectual property. In particular, executive boardrooms, it harder and harder to monitor the entire radio frequency
suites, and even homes hold, carry, and publish very sensitive spectrum of protocols and bands for anomalous and/or
information in both oral and written formats. Whether you high volume exfiltration signatures.
are a Fortune 500 corporation or a mid-sized business,
keeping the C-Suite protected is a top priority.
Facility/Campus Headquarters Radio (RF) Vulnerability
Protection: Many organizations are interested in under-
standing employee behavior and what types of devices are
entering their offices and campuses. Large organizations
with sensitive data want to know the movements of devices
in their environment in order to get a holistic view of all
the activity in the radio frequency spectrum within their
combined premises.
bastille.net / info@bastille.net / 800.530.3341 7Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
C-Suite Radio (RF) Vulnerability Protection
The C-Suite has the most access to valuable information 2 Inform you of the attach surface for each of these devices
about strategy, financial results, customers, partners,
3 Alert on active wireless attacks on those devices through
employees and intellectual property. In particular, executive
your existing SIEM systems
boardrooms, suites, and even homes hold, carry, and publish
very sensitive information in both oral and written formats. 4 Suggest best practices for minimizing the attack surface
Whether you are a Fortune 500 corporation or a mid-sized and mitigating an attack in action
business, keeping the C-Suite protected is a top priority.
Specifically, a solution must:
The Problem: Inconsistent Monitoring • Detect all devices operating in the wireless spectrum
Many critical meetings and data pass through the executive between 100 kHz and g GHz, to include WiFi, cellular,
suites and boardrooms, which makes this area susceptible Bluetooth, and the hundreds of other protocols in the
to bugs, International Mobile Subscriber Identity (IMSI) Internet of Things (IoT)
catchers, and other nefarious tools used to listen and record. • Capture the wider RF spectrum; not just specific protocols
Typical solutions try to solve this problem by point-in-time
methods, such as bug sweeps, which prove to be very costly • Provide awareness into any wireless threats, including
and ineffective. In order to fully protect the C-Suite, the active attacks, rogue networks, and misconfigured devices
radio frequency spectrum needs constant monitoring to • Have the ability to track the movement of devices – which
understand the transmissions of devices in the environment. include radios – to augment existing security measures
In the C-Suite, it is imperative to monitor for unauthorized • Show device movements to help enforce access policies
access to secured areas, based on badge level or known
• Enforce company BYOD/IoT policies
and unknown employees. The boardroom is often required
to be a no-device-allowed zone, but enforcing this policy • Detect unauthorized access
can be time consuming, costly, and ineffective.
• Detect data exfiltration through wireless devices
C-Suite vulnerabilities include: • Allow the physical security to quickly detect and localize
• Unauthorized employee access any malicious devices
• Tailgating and other methods of entry to high risk areas • Include geofencing capabilities to understand and protect
areas with sensitive data
• Rogue wireless devices and networks being used for data
exfiltration and eavesdropping through the RF spectrum • Detect vulnerable devices being installed
• Detect rogue cell towers which can send signals into
Typical security solutions have very little visibility into the
your C-Suite
radio frequency space, allowing for no knowledge of the
devices in call centers and how they are behaving, making
BYOD policy enforcement very difficult. What Kind of Organizations
Need This Solution?
The Requirements for a C-Suite
• All organizations that have centralized meeting facilities
Radio Security Solution and executive office suites where sensitive matters
are housed.
A C-suite radio security solution needs to:
1 Provide visibility into the wireless networks, traffic,
and devices operating in your environment
bastille.net / info@bastille.net / 800.530.3341 8Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
Facility/Campus Headquarters Radio (RF) Vulnerability Protection
Many organizations are interested to understand employee 3 Alert on active wireless attacks on those devices through
behavior and what types of devices are entering their offices your existing SIEM systems, and
and campuses. Large organizations with sensitive data want
4 Suggest best practices for minimizing the attack surface
to know the movements of devices in their environment
and mitigating an attack in action.
in order to get a holistic view of all the activity in the radio
frequency spectrum within their combined premises. Specifically, a solution must:
• Detect all devices operating in the wireless spectrum
The Problem between 100 kHz and 6 GHz, to include WiFi, cellular,
Currently organizations do not have an all-inclusive view Bluetooth, and the hundreds of other protocols in the
into the wireless devices and traffic in their corporate office Internet of Things (IoT)
environments. In order to protect from the emerging threats
associated with the wireless spectrum, campuses must first • Capture the overall wider RF spectrum, not just
recognize the devices and protocols in their airspace. specific protocols
• Provide awareness into any wireless threats including
Understanding employees’ patterns and their associated
active attacks, rogue networks, and misconfigured devices
devices gives a view into the insider threat scenario. Rogue
devices, data exfiltration, misconfigured equipment, • Have the ability to track the movement of devices, which
personnel accountability, and insider threats are all include radios, to augment existing security measures
possible via nefarious devices. Additionally, this data helps
• Show device movements to help enforce access policies
the corporate real estate department understand traffic
flows and workplace productivity to help with future real • Enforce company BYOD/IoT policy
estate planning.
• Detect unauthorized access
Facility/Campus Headquarters • Detect data exfiltration through wireless devices
Security Vulnerabilities include:
• Allow the physical security to quickly detect and localize
• Unauthorized devices on premises any malicious devices
• Individuals in unauthorized areas • Include geofencing capabilities to understand and
• The wireless threat surface associated protect areas with sensitive data
with the devices in the RF spectrum
• Detect vulnerable devices being installed
• Improperly configured devices which can leave • Detect rogue cell towers which can send signals
an open gateway for attackers to eavesdrop
into your facility
on activities and other nefarious activities
What Kind of Organizations
The Requirements for a
Need This Solution?
Facility Radio Security Solution
• Fortune 2000, financial services, technology and other
An office facility radio companies with large facilities.
security solution needs to:
1 Provide visibility into the wireless networks, traffic,
and devices operating in your environment,
2 Inform you of the attack surface for each of these devices,
bastille.net / info@bastille.net / 800.530.3341 9Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
Call Center Radio (RF) Vulnerability Protection
Call Centers deal with very sensitive customer data such as • Typical security solutions have very little visibility into
personally identifiable information including social security the radio frequency space allowing for no knowledge
numbers, bank financial records such as credit card details, of the devices in call centers and how they are behaving,
and the like. The top priority is keeping that data protected. making BYOD policy enforcement very difficult.
The attack vector that Call Centers are most vulnerable to
are their employees and the devices that they bring along. The Requirements for a
Call Center Radio Security Solution
The Problem
Call centers handle large volumes of requests by telephone A call center radio security solution needs to:
daily. Many of those requests involve the transfer of highly 1 Provide visibility into the wireless networks and
sensitive data and records. Call center protection has traffic operating in your environment,
become very complex with the influx of wireless devices 2 Inform you of the devices in your environment
that can easily capture records for data exfiltration. Centers and their behaviors,
want their employees to be device free in order to guard
3 Alert on active wireless attacks on those devices
against unauthorized activities, but accomplishing this goal
through your existing SIEM systems, and
is a challenge. One of the unauthorized activities includes
bringing devices into an area that is not approved for cell 4 Suggest best practices for minimizing the attack
phones or laptops. For example, an employee with a cell surface and mitigating an attack action.
phone or other wireless device can take pictures of sensitive
Specifically, a solution must:
data displayed on a monitor and backhaul it out of the center.
• Detect all devices operating in the wireless spectrum
Call Center Security Vulnerabilities include: between 100 kHz and 6 GHz, to include WiFi, cellular,
Rogue wireless devices and networks Bluetooth, and the hundreds of other protocols in the
being used for data exfiltration Internet of Things (IoT)
• Security teams have little visibility into the Radio • Provide awareness of any wireless threats including active
Frequency Spectrum; therefore monitoring the attacks, rogue networks, and misconfigured devices
influx of devices into call centers is difficult. • Detect ingress and egress: Have the ability to track the
Improperly configured devices movement of devices, both authorized and unauthorized,
• Unencrypted DECT headsets and devices using other which include radios, to augment existing security measures
protocols leave an open gateway for attackers to • Show device movements to help enforce access policies
eavesdrop on activities
• Detect unauthorized access
DECT Network Scanning • Detect data exfiltration through wireless devices
• The nature of DECT’s base-station selection criteria
• Include geofencing capabilities to understand and protect
means the FP constantly transmits RFPI information,
specific areas
easily exposing it to network discovery and scanning
attacks. In these attacks, attackers are able to identify • Detect vulnerable devices being installed
and eavesdrop on the activity of DECT networks. • Detect misconfigured devices
• Many DECT devices do not implement the optional encryp- • Enforce company BYOD/IoT policy
tion capabilities available in the DECT Standard Cipher (DSC)
algorithm. Further, it is very difficult for consumers to know
What Kind of Organizations
if their selected DECT hardware supports encryption, leaving Need This Solution?
many consumers and businesses vulnerable to audio • Call Centers
recording and eavesdropping attacks.
• Organizations with wireless headsets that handle
sensitive/confidential data
bastille.net / info@bastille.net / 800.530.3341 10Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
Data Center Radio (RF) Vulnerability Protection
The Data Center contains the crown jewels for an organization. passwords (0000) are used that are simple to find from a
In addition to the IT equipment we think about, Data Centers Google search. As a result, without the knowledge of Data
are loaded with Industrial equipment (chillers, lighting, Center personnel who aren’t using it, the Radio Ready client
power, etc.) and often frequented by contractors. Many is constantly beaconing for a radio controller to pair with
vectors expose a Data Center to risk, and as a result, Data it and give it instructions. For instance, a misconfigured
Center security has long been the recipient of significant ZigBee interface on a chiller could enable an attacker to
budget and attention from both physical and cyber security interrupt Data Center operations. Knowledge of all wireless
organizations. Data Centers have the highest physical transmitters in a Data Center makes it possible to minimize
security for any organization, often employing mantraps, the wireless attack surface.
biometrics, and expanded video coverage. On the cyber
side, large budgets are deployed for endpoint security and Data Center Security Vulnerabilities Include:
intrusion prevention for the wired infrastructure. Rogue wireless devices and networks
being used for data exfiltration
However, there is an attack vector capable of penetrating
• Typical exfiltration prevention techniques involve
Data Center walls and bypassing the firewalls, namely radio
monitoring corporate networks and preventing the use
frequency (RF) based attacks.
of USB ports for storage. However, by utilizing cellular
or other “hard to see” protocols, attackers can bypass
The Problem these controls.
Data Centers consist of many computers, industrial
• Nefarious devices such as pwn plugs and pineapples
equipment, and personnel, all having components that
that are left in Data Centers to specifically steal data
may communicate wirelessly. These wireless devices operate
and backhaul that data out over cellular.
on a variety of wireless protocols, which are susceptible
to a variety of attacks. Improperly configured devices
• Network infrastructure, e.g. a laptop connected to the
Security professionals need to lock down threat vectors in network, has an open Bluetooth stack beaconing for
Data Centers. Rogue devices, data exfiltration, misconfigured a keyboard.
equipment, personnel accountability, and insider threats
• Data Center equipment can employ proprietary or industry
are all possible via nefarious devices.
ICS protocols for managing aspects of the equipment
Company controlled WiFi networks may be protected to or environment. Security professionals have no visibility
some extent by existing products, but other wireless traffic into these devices and protocols and whether they are
is largely a blind spot. In a Data Center environment, an properly configured.
attacker exfiltrating data over LTE could easily go undetected • Employees and contractors who unknowingly carry a
because no traffic is going over the Data Center’s network. compromised cell phone, which once attached to an
internal WiFi network, open a 4G channel and begin
Data Center operators are not always aware of the wireless
beaconing out packets to the attackers abroad.
transceivers in the equipment they control. More equipment
today is being shipped with a “radio ready” control system Typical security solutions have no visibility into what devices
in addition to the Ethernet or Console control system that exist and operate within the radio frequency spectrum,
the Data Center intends to employ. However, we have found let alone if they are doing something nefarious.
that the radio control system, ZigBee or Z-Wave for example,
is usually default “ON” when it is shipped. In addition, default
bastille.net / info@bastille.net / 800.530.3341 11Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
solution
TSCM: Technical Surveillance Counter Measures
There are many ways for bad actors to exfiltrate information The Requirements for a Technical
from an organization. For example, covert transmitters can
Surveillance Counter Measure Solution
create voice or data channels that are difficult to detect. These
devices commonly use wireless protocols at unmonitored A TSCM security solution needs to:
frequencies. For data exfiltration, cellular protocols are the
1 Provide visibility into the wireless networks, traffic, and
most prevalent example of an “out-of-band” network that
can move large amounts of data. Organizations are finding devices operating in your environment,
it harder and harder to monitor the entire radio frequency 2 Inform you of the attack surface for each of these devices,
spectrum of protocols and bands for anomalous and/or
3 Alert on active wireless attacks on those devices through
high volume exfiltration signatures.
your existing SIEM systems, and
4 Suggest best practices for minimizing the attack surface
The Problem
and mitigating an attack in action.
Surveillance devices are becoming cheaper and easier to
access. There are countless numbers of inexpensive bugs, 5 Operate 24x7 to catch out-of-hours transmission of data
pwn plugs, and listening devices that can be purchased over
Specifically, a solution must:
the counter and over the Internet. They can be installed,
have their own computers, and have their own cellular • Detect all devices operating in the wireless spectrum
backhaul prepaid chips. These devices are not going over between 100 kHz and 6 GHz, to include WiFi, cellular,
the wire, through normal security teams’ monitoring Bluetooth, and the hundreds of other protocols in the
systems. Instead, the devices backhaul the data through Internet of Things (IoT)
unmonitored protocols. • Detect current and future protocols without requiring
hardware upgrades
Typically, when an organization needs to conduct a bug-
sweep, they hire an outside firm to do a one-time, point-in- • Detect known and unknown emitters via observing
time sweep that is rendered obsolete once the firm leaves. energy patterns
This is not only costly and time consuming, but also very • Provide awareness of any wireless threats including
disruptive. Unfortunately, most corporations only use bug- active attacks and rogue networks
sweeps once per quarter, or in close proximity to a ‘sensitive
moment or event’, leaving themselves susceptible to attack. • Detect data exfiltration via wireless devices
• Be always on
Surveillance vulnerabilities Include:
• Detect unauthorized devices
Rogue Wireless Devices and Networks
• Detect vulnerable devices being installed
being used for Data Exfiltration
• Detect anomalous wireless activity originating from the
• Typical exfiltration prevention techniques involve monitoring
campus
corporate networks and preventing the use of USB ports
for storage. However, by utilizing cellular or other “hard to • Alert on a wireless attack surface introduced by the
see” protocols, attackers can bypass these controls installation of new equipment
• Nefarious devices such as pwn plugs and pineapples that • Detect rogue cell towers which can send signals
are left to specifically steal data and backhaul that data into your facility
out over cellular
Unauthorized video systems planted in an organization
What Kind of Organizations
Need This Solution?
• Fortune 2000, financial services, technology, and other
companies with sensitive data or high risk areas
bastille.net / info@bastille.net / 800.530.3341 12Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
The Requirements for a Data • Alert on a wireless attack surface introduced by the
installation of new equipment in the Data Center,
Center Radio Security Solution
e.g. an HVAC system with ZigBee or a MouseJack
A Data Center radio security solution needs to: vulnerable keyboard
1 Provide visibility into the wireless networks, traffic, • Detect rogue cell towers which can send signals
and devices operating in your environment, into your facility
2 Inform you of the attack surface for each of these devices,
What Kind of Organizations
3 Alert on active wireless attacks on those devices through
your existing SIEM systems, and
Need This Solution?
• Fortune 2000, financial services, technology, and other
4 Suggest best practices for minimizing the attack surface
companies that manage their own Data Centers
and mitigating an attack in action.
• Data Center companies (hosting providers, etc.)
Specifically, a solution must:
• Cloud infrastructure providers
• Detect all devices operating in the wireless spectrum
between 100 kHz and 6 GHz, to include WiFi, cellular,
Bluetooth, and the hundreds of other protocols in the
Internet of Things (IoT)
• Capture wider spectrum not just specific protocols
• Provide awareness of any wireless threats including active
attacks, rogue networks, and misconfigured devices.
• Have the ability to track the movement of devices, which
include radios, to augment existing security measures.
• Show the movements of devices to help enforce access
policies.
• Detect unauthorized access
• Detect data exfiltration via wireless devices (large
volume of wireless data leaving the Data Center
premises over the cellular network)
• Allow the Data Center operator to quickly detect and
localize any malicious LTE or 3G modems
• Include geofencing capabilities to understand and
protect the location(s) of a customer’s servers within
a colocation facility
• Be always on
• Detect unauthorized devices entering the Data Center
• Detect vulnerable devices being installed
• Detect anomalous wireless activity originating from
the Data Center (independently from the protocol)
• Detect misconfigured devices
• Enforce company BYOD/IoT policy
bastille.net / info@bastille.net / 800.530.3341 13Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
Securing Enterprise Assets from IoT Risks Visibility into these threats is crucial. Enterprises need tools
that will help them identify airborne threats and allow for
It’s not difficult to make a business case for IoT security.
preemptive response. Which devices are accessing corporate
Most enterprises are critically vulnerable without the millions
air space? Where? What protocols are they using? Are they
of new mobile devices and sensors coming online each day.
permitted? Who do they belong to? This scale of ambient
When we factor in the exponential impact of IoT, the attack
detection enables security teams to see IoT risks in real time
surface becomes shockingly porous. Consider this:
and mitigate them before an attack transpires.
• Among organizations with over 5,000 computers, more
than 90 percent have an active breach at any given time.3 Enterprises that aren’t already tackling the IoT security threat
should be warned. IoT has opened the door to countless
• Approximately 90 percent of all IT networks will have an vulnerabilities across all facets of the business. The IoT security
IoT-based security breach within the next two years.4 threat is here and evolving at a pace that is unprecedented.
• More than half of IoT device manufacturers are unable Staying ahead of it is crucial to the health of the business.
to address product threats stemming from weak
security practices.5 1
Source: Gartner, Inc., Predicts 2016: Security for the Internet of Things, December 2015
2
Source: Garner, Inc., Press Release “Gartner Says 6.4 Billion Connected ‘Things’ Will Be
in Use in 2016, Up 30 Percent From 2015,” November 2015
To solve these challenges, CISOs must have an active role
3
Source: TechCrunch.com, “Why Breach Detection Is Your New Must-Have, Cyber Security
in shaping and executing business strategy. Security is no Tool,” November 2014
longer an IT or operational conversation; its one to be had 4
Source: IDC, Press Release “IDC Reveals Worldwide Internet of Things Predictions for
2015,” December 2014
with all C-level stakeholders. CISOs need to develop and
5
Source: Gartner, Inc., Predicts 2016: Security for the Internet of Things, December 2015
champion holistic, enterprise-wide security strategies that
monitor, manage and neutralize IoT-related threats at every
juncture across the organization.
bastille.net / info@bastille.net / 800.530.3341 14Security for the Internet of Radios
Real Threats, Right Now, Ready or Not
About Bastille
Launched in 2014, Bastille is the leader in enterprise threat
detection through software-defined radio. Bastille provides
full visibility into the known and unknown mobile, wireless
and Internet of Things devices inside an enterprise’s
corporate airspace–together known as the Internet of Radios.
Through its patented software-defined radio and machine
learning technology, Bastille senses, identifies and localizes
threats, providing security teams the ability to accurately
quantify risk and mitigate airborne threats that could pose
a danger to network infrastructure. For more information,
visit www.bastille.net and follow on Twitter @bastillenet.
team awards
• Darpa Spectrum Challenge
• Darpa Shredder Challenge
• GNU Radio Hacking Challenge
497 Lake Ave, santa cruz, cA 95062
info@bastille.net / 800.530.3341
© 2016 bastille networks. all rights reserved. bastille.net
All other trademarks and logos are the property of their respective ownersYou can also read
